Why use Cloud App Security when my firewall already does this?

April 12th, 2017 | blog, Cloud, Microsoft, Microsoft Cloud Solution Provider

Microsoft’s Cloud App Security (CAS) is a new product feature that comes with Microsoft’s Enterprise Mobility + Security E5 line of products.  The solution is a cloud-based application model built on Azure Active Directory; it can also be used independently, although the dataset will not be as rich.

The idea is for customers to be able to gain deep insight into what apps their end-users are consuming, identify data drift and leakage, mark applications as “sanctioned” or “unsanctioned”, and even generate a block script to block those unsanctioned apps at the firewall level.  There are two paths to gathering this data: firewall logs and Connected apps.

DISCOVER

You can discover information by manually importing firewall logs, or even set up a connector VM which will gather the logs and upload them to the CAS for you.  This is not much different from technologies offered by the firewall providers themselves and, in many cases, will not provide as quick a reaction as you’d receive from those vendor-provided solutions.  The connector, by default, uploads logs from the firewall every 20 minutes and imports those into the CAS.
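The firewall-log discovery path described above, sketched as an added example (not part of the original post, and not how Cloud App Security itself is implemented): it maps logged destinations to known cloud apps, totals usage per app and user, and derives the list of unsanctioned domains a block script would be built from. The key=value log format, the app catalog, and all function names are assumptions; the sample log lines are constructed.

```python
from collections import defaultdict

# Hypothetical app catalog (assumption): registered domain -> (app, category, sanctioned)
CATALOG = {
    "sharepoint.com": ("Office 365 SharePoint", "Collaboration", True),
    "salesforce.com": ("Salesforce", "CRM", True),
    "dropbox.com": ("Dropbox", "Storage", False),
    "wetransfer.com": ("WeTransfer", "Storage", False),
}

# Constructed sample log in a made-up key=value format (not a real vendor format).
SAMPLE_LOG = """\
ts=2017-04-12T09:00:03Z user=alice dst=contoso.sharepoint.com sent=1200 rcvd=88000 action=allow
ts=2017-04-12T09:01:10Z user=bob dst=www.dropbox.com sent=52000000 rcvd=4100 action=allow
ts=2017-04-12T09:02:44Z user=bob dst=notdropbox.com sent=900 rcvd=700 action=allow
ts=2017-04-12T09:03:00Z user=carol dst=eu.salesforce.com sent=3000 rcvd=450000 action=allow
this line is truncated garbage
ts=2017-04-12T09:05:31Z user=alice dst=wetransfer.com sent=730000000 rcvd=2000 action=allow
ts=2017-04-12T09:06:02Z user=carol dst=www.dropbox.com sent=100 rcvd=100 action=deny
"""


def parse_line(line):
    """Return a normalized event dict, or None if the line is malformed."""
    fields = dict(tok.partition("=")[::2] for tok in line.split())
    try:
        return {
            "user": fields["user"],
            "dst": fields["dst"].lower().rstrip("."),
            "sent": int(fields["sent"]),
            "rcvd": int(fields["rcvd"]),
            "action": fields["action"],
        }
    except (KeyError, ValueError):
        return None


def match_app(host, catalog=CATALOG):
    """Match on whole DNS labels only, so 'notdropbox.com' is not Dropbox."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in catalog:
            return candidate
    return None


def discover(log_text, catalog=CATALOG):
    """Aggregate allowed traffic per app; return (apps, unknown_hosts, skipped_lines)."""
    apps, unknown, skipped = {}, set(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        if ev["action"] != "allow":
            continue              # already blocked at the firewall
        domain = match_app(ev["dst"], catalog)
        if domain is None:
            unknown.add(ev["dst"])  # candidates for catalog review
            continue
        name, category, sanctioned = catalog[domain]
        app = apps.setdefault(name, {
            "domain": domain, "category": category, "sanctioned": sanctioned,
            "sent": 0, "rcvd": 0, "by_user": defaultdict(int),
        })
        app["sent"] += ev["sent"]
        app["rcvd"] += ev["rcvd"]
        app["by_user"][ev["user"]] += ev["sent"]
    return apps, unknown, skipped


def block_domains(apps):
    """Domains of unsanctioned apps that were actually seen in the logs."""
    return sorted(a["domain"] for a in apps.values() if not a["sanctioned"])


def leak_candidates(apps, min_bytes):
    """(user, app, bytes uploaded) to unsanctioned apps at or above min_bytes."""
    hits = [(user, name, sent)
            for name, app in apps.items() if not app["sanctioned"]
            for user, sent in app["by_user"].items() if sent >= min_bytes]
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    apps, unknown, skipped = discover(SAMPLE_LOG)
    print("block list:", block_domains(apps))
    print("large uploads:", leak_candidates(apps, 50_000_000))
    print("unknown hosts:", sorted(unknown), "| skipped lines:", skipped)
```

Because this works only from firewall logs, it sees nothing once the user leaves the network the firewall covers.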

What I believe separates Cloud App Security from the firewall provider solutions is that it integrates with Connected apps.  A Connected app is an application where CAS leverages APIs provided by the cloud provider.  Each provider has its own framework and limitations, so the functionality for each may depend on how much the provider has extended the API.

There are currently few Connected Apps that CAS supports but I’ve found that the biggest bang for your buck will be the Office 365 suite of applications.  This allows the CAS to see usage of the standard suite of Office apps and your Azure AD connected users.

INVESTIGATE

With the data gathered from the Connected apps, you can see information on File usage, owner information, app name, Collaborators, and more.  You will be able to tell who is accessing what files and who those files have been shared with.  You can drill down on particular user activity and see all of the apps and traffic volumes for their particular usage.

The Cloud Discovery Dashboard provides a rich view of information from a graphical perspective including dashboard items like App Categories which highlight usage based on categories such as CRM, Collaboration, Accounting, Storage apps, and more.  Other items on the dashboard show top discovered apps, top users, and even a geographical map of usage based on where the apps are being used.

CONTROL

Through alerts you may be made aware of Risky IP addresses, Mass downloads, New Cloud app usage, and more.  If a particular user is a concern, you even have the ability to suspend usage of a particular connected app for a particular user.  This adds a layer of security that a standard firewall report may not provide – especially if the user roams to another location off-premise where your firewall is not present.

Using the policies feature, I can set an alert, notify the user and CC their manager, or even suspend the user based on the several configuration policies that are available to me via the console.  This allows me to mitigate threats as they happen instead of waiting for a review of alerts or logs, possibly days or even weeks after the events occurred.

To summarize on Microsoft’s Cloud App Security, I would have to say that they are opening the door to rich integration with cloud-based apps and providing another avenue to secure your corporate data.  With the deep integration of Office 365, those that have the E5 licensing should definitely take advantage of this product.  Even those who are interested but not licensed can subscribe for a trial version and use the firewall discovery solution to get an immediate view of what’s being used internally.  This will allow your organization to have that much-needed discussion on BYOD and the security risks that ultimately partner with an open door policy.

If set up properly, adding Cloud App Security to your environment can greatly increase the level of security your organization has regarding the mobility of your data and users!

For more information, review the following useful links:

https://www.microsoft.com/en-us/cloud-platform/cloud-app-security

https://docs.microsoft.com/en-us/cloud-app-security/enable-instant-visibility-protection-and-governance-actions-for-your-apps

https://github.com/Microsoft/CloudAppSecurityDocs/blob/master/CloudAppSecurityDocs/what-is-cloud-app-security.md

 

5 Tips for connecting your Azure space to On-Premises…

March 26th, 2017 | Azure, blog, Cloud, Microsoft Cloud Solution Provider

Often, the easiest thing about using the Azure Cloud is getting started.  Whether it’s creating a VM, establishing a web service, etc., it’s usually as easy as a few clicks and you’ve got some “thing” running in a bubble.  That’s the easy part.

It’s what you do right after that can often be a challenge, since in many cases it involves inter-connectivity with your on-premises environment.  And at that point, whether it’s early on, or even after long-thought-out deliberative designing, you may want to sit down and have a talk with your firewall/network team (who may never even have heard the word “Azure” before) and talk about exactly how to connect.

Please be mindful that the router/firewall people roll in a different workspace, and may have a different approach to what you’re trying to accomplish.  They may prefer to use third-party firewall/tunnel capabilities with which they are already familiar, or utilize the off-the-shelf options that Microsoft provides.  Note: This article is all about the built-in Microsoft options; we’ll have a discussion about third-party items in a future article.

Specifically when working with the native Azure connectivity options, the first thing you’ll want to do is point yourself and others at this URL, which provides most everything needed to get started:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-plan-design

…note that there are some great sub-pages there too, to take the conversation from “Why are we doing this” to “What is Azure” to “Let’s submit a ticket to increase our route limitation“.

But speaking as a server/cloud guy, I wanted to give you some simple but important tips you’ll need to know off the top of your head when speaking to your router people:

Tip #1
There are two types of Gateways for on-prem connections to the cloud: ExpressRoute and VPN.  ExpressRoute is awesome and preferred if you have that option.  If you don’t know what ExpressRoute is already, you probably can’t afford it or don’t need it — which leaves you with VPN.  The good news is that VPNs can be perfectly fine for an Enterprise if you set them up right and mind them well.

Tip #2
I’m mostly writing these VPN options down because I always forget them, but you need to know the definitions too:
“Static Routing” used to be called “PolicyBased” and your router person knows it as IKEv1
“Dynamic Routing” used to be called “RouteBased” and your router person knows it as IKEv2

Tip #3
PolicyBased can only be used with “Basic” SKU, and only permits one tunnel and no transitive routing.  You probably do not want this except in the most simple of configurations.  Ironically, your router/firewall person will most likely configure your VPN this way if you don’t instruct them otherwise.  Watch out!

Tip #4
The firewall you have may not be supported.  But even if it’s not, that means two things:  you may be forced into PolicyBased (read Tip #3), or in many cases it will work just fine even if it’s not supported.  But you might be on your own if you have a problem, so know what you’re getting into.

Tip #5
Please calculate the total number of routes and gateways and such that you’ll be permitted based on the SKUs you’ve chosen.  Make sure that your fanciful networking dreams will all come true when you finally get where you’re going.  Everything in Azure has a quota or limitation of some sort, and you can almost always get them raised from the low original limit, but some things just aren’t possible without changing SKUs.

Extra Bonus Tip
Look into the “Network Watcher” preview for validating some of your networking flow and security, and for an instant dashboard of the quotas (mentioned in Tip #5).  It’s only available in some locations right now, but it looks like it will be quite nice.

…and that’s just scratching the surface, but those are some of the things I run into out there, and I thought it might save you a minute… or a day… or more…

Good luck out there!

Let’s slash through the hype and keep I.T. real

December 9th, 2016 | Announcements, blog

New Video Series

Hello TekTopics readers!  I am excited to announce we are launching a vlog: “Keeping I.T. Real”

In this new video series, we will slash through the hype and share critical and essential technologies, tools, and tips.  We will bring you only those which are real, worthy of your trust, and upon which you can build and grow your company.  As a trusted and reputable virtualization and cloud company with customers across the globe, Coretek has worked with all kinds of old and new technologies – some good, some bad, some ahead of their time, and some that need to be retired.  Be a part of the discussion of new ideas, trends, and technologies.

Your host, Mitch Howell, will be your guide through each topic.  Mitch will be introducing you to the key players, including guests within Coretek Services and our most valuable partners.  Be sure to stay tuned… and keep I.T. real!

Get to know the Host

Mitch Howell is a Client Executive with Coretek Services.  Mitch Howell came to Coretek Services in February of 2016, after spending 7+ years in Technical Sales, Sales Management & Solution Architecture within the Data Center Infrastructure industry.  Once Mitch identified the trends towards a Software Defined World, he naturally made the decision to join the growing Coretek Team.  Coretek began as a nationally recognized Virtualization Solutions Integrator, but has evolved into an organization that is transforming the way we leverage Cloud technology today.

Community Service Project with Rebuilding Together

October 20th, 2016 | blog, Community Project, Giving Back

Keeping with the annual charitable tradition of our Community Service project for 2016, Coretek jumped in with our hearts and hands to renovate and rejuvenate the home of some local neighbors who do not have the financial resources or manpower to do it themselves.  Partnering with Rebuilding Together again for the second year in a row, Coretek visited the home of a veteran and his wife whose established home was in need of some major landscaping and yard work, along with some indoor repairs and organization.

The day’s weather loomed overcast and rainy, but that did not dissuade nearly 30 Coretek employees and their families from waking up early on a Saturday morning and driving from various parts of metro Detroit to put in their all.  It was a messy and muddy day — full of tree branches, carpentry, and unexpected project delays.  But these are the challenges that bring out the best in all of us!  And in the end, it was nothing but sunshine beaming from the happy home.

The homeowners were grateful and pleased with the work the Coretek team did, and we all were thankful to have the opportunity to give back to this deserving couple.

And we also want to thank the folks at Rebuilding Together for everything they bring to our Community Service projects!  To find out more about who they are, click here to learn more about Rebuilding Together and see if you or your organization can get involved.

The Advantages of Working with a Microsoft Cloud Solution Provider (CSP)

October 2nd, 2016 | Azure, blog, Cloud, Microsoft, Microsoft Cloud Solution Provider

There are many cloud services platforms — and numerous cloud service providers — to assist your organization with the strategy, deployment, and management of your cloud initiative.  In this ever-growing landscape of cloud providers, how do you choose the partner that is best for your business?

We have uncovered the key attributes which will determine your cloud projects’ success when selecting a cloud solution provider: experience, value, and fit.  Evaluating these three credentials of your cloud provider candidates will drive your cloud strategy, deployment, and management success rate.

Experience

First, you want a provider that has several cloud veterans that are constantly in touch with the state of the industry.  Coretek Services employs folks that are cloud product veterans in Azure and many of the other cloud technologies.  In fact, members of our team have been instrumental in building the Azure cloud solution when they were employed at Microsoft.

Next, you want to know that your provider isn’t “cloud only” but also has experience in data center infrastructure, virtualization, mobility, security, and your specific business domain such as healthcare, manufacturing, and others.  Few cloud service providers can offer you this additional depth of experience.

Value

You want your provider to provide value beyond just the cloud product being delivered.  This means that you want your new cloud partner to have significant relationships and partnerships with other technology vendors as well as the necessary expertise in those platforms.

As a Microsoft Cloud Solution Provider (CSP), we have a significant value partnership in Azure.  We have relationships with the product development teams and input into the feature development process.  It allows us to represent cloud computing trends that our customers are experiencing to the cloud product development team.

While you get a great product in Azure because Microsoft is focused on delivering the very best, we are free to build value-added features for our customers.  For example, we can tailor automation to your business to make your cloud usage more efficient, such as decreasing services when your business is closed or by increasing services when demand bursts to higher levels.  This allows you to control your costs and forecast your needs well in advance.

Simply put — you get the best of both worlds.  It allows your organization to receive the best that Azure can provide along with the detailed focus of your IT business needs, which Coretek Services provides.

Priority and Fit

As a Microsoft CSP, we quickly identify the technical problems and bring the right solutions and people rapidly to your assistance.  Coretek Services makes your organization’s needs a top priority.  We will fit into your business in the way that is most appropriate to you, providing professional services, managed services, or the mix that you desire.

We believe in one thing.  Customer Success!  No Exceptions!

Coretek Services Picnic 2016

August 24th, 2016 | blog, Summer

August 22, 2016 – Last weekend, Coretek Services hosted our annual Coretek Services Summer Picnic.  The event is always a fun opportunity for the Coretek family to enjoy the great summer weather before kids go back to school.

The event was more than just a picnic with great food; it was a time for co-workers and families to have fun.  Attendees were able to compete in a variety of summer games, including water balloon toss, three-legged race, egg and spoon race, corn hole, and gaga pit.  There were also bouncy houses, paddle boats, putt-putt golf, and LIVE MUSIC from Coretek employees!

Thanks to everyone who attended and helped make the event happen – we look forward to the event next year!  It’s great to be part of the Coretek family.

 

Enterprise Best Practice does not necessarily equal Cloud Best Practice…

July 28th, 2016 | Azure, blog

This article might just be restating the obvious for some — but to put it bluntly, a “best-practice” Enterprise Active Directory (AD) design feature may not perfectly translate to a Cloud-based deployment scenario. Let me explain…

When Good Mappings Go Bad

Let’s imagine an enterprise that has done a good job of providing universal access to user Home Folders by using the AD Home Folder attributes on the user objects.  Very common indeed, and very well loved in most cases.  In a well-designed infrastructure, the users get access to the Home Folder from almost anywhere in the world, and from a variety of platforms including local, remote, and thin/terminal access.

On top of that, imagine further that the environment utilized the individual logon script user object attribute to determine group memberships, deliver printers, and maybe even deliver a mapping or two.  All of this is fine (though arguably cumbersome) in a high-speed environment where the network inter-connectivity is not rate-limited or rate-charged.

Now however, let’s imagine being one of those users authenticating to an RDS/Terminal Server (session hosts) farm in a cloud-based domain instead of in the Enterprise.  Hmm.  Suddenly, different access and performance considerations appear when walking through that logon process.  For instance, while that Home Folder server may be reachable from that RDS farm, that lookup and access of the file server might very well be across a VPN pipe that is slow; or even if it’s fast, there may be a charge for egress data transfer as is the case with Microsoft Azure.  Oh, and that logon script will definitely hit the Domain Controller looking for all of what it needs to draw conclusions; and in the end, may attempt to map you to things you cannot even reach.

Can you solve this problem by putting domain controllers in the cloud?  Well, part of it — if you use good AD Site and Subnet configuration.  But you can’t escape the fact that your enterprise user objects may attempt to reach beyond those controllers and into the infrastructure to access what they must, and time-out on what they cannot (read: slow logon).

The GPO is your frienemy

And don’t even get me started on GPOs.  Yes, you know them, and you love them, and you use them to provide a rock-solid enterprise configuration for your users…  But what about those mandatory proxy registry settings that matter in the cloud?  What about those printer map settings?  What about those WMI evaluations?  The Item-Level Targeting?  And so on.

And then one day of course, there’s the one GPO setting that accidentally gets applied to those users that inexplicably wipes out their access to the application in the cloud-based RDS farm.

The bottom line is that again, things that may be prudent and reasonable in the Enterprise may be detrimental to the Cloud users’ experience.

So what can you do?

First, step back.  Ask yourself if your user logon process is clean, lean, and mean, and prudent for a Cloud-based experience.  It may very well be the case, but it likely is not.  So if you find that you’ve been a good and dutiful Enterprise admin and used Active Directory to tightly configure that user, you might be faced with a need to have a separate directory for your Cloud environment that is either replicated, integrated, or federated.  Which, for some organizations, may very well cause them to have to re-think security models (or at least re-imagine the ones they have), evaluate provisioning, and so on, as part of a larger Cloud Strategy.

Or, if your situation permits, you might be able to take advantage of the soon-to-be-released Azure Active Directory Domain Services, as long as your design doesn’t run up against some of the limitations (I strongly recommend you read the FAQ and other documentation before deciding it’s right for you).

Now you’ve heard what to watch out for, but the options you utilize going forward depend on what you are trying to achieve.  Good luck out there, and let us know if we can help…

Hyper-V, Windows 10, and Insider Preview…

July 21st, 2016 | blog, Hyper-V, Microsoft

I am guilty of running Windows 10 with the Insider Preview “Fast Ring” in production as my day-to-day laptop.  I also maintain a lab of Hyper-V Virtual Machines (VMs) on my laptop that use shared virtual networking with the built-in interfaces, so I can have the equivalent of a NAT environment for my VMs.

Mind you, it’s really been great in almost every way — except that every time I get an update to the Windows 10 Insider Preview (and that is every few days lately), I have to re-configure my interface sharing and NAT so my VMs can reach the Internet.  So, I thought I’d whip up the steps for you, in case you face the same thing.

So first, after you notice that your VMs don’t have Internet access — and then you remember that you got another Fast Ring update recently, you do this:

Open the Hyper-V Manager on the Windows 10 laptop, and click on “Virtual Switch Manager…” from the Actions area.

Select the virtual switch to be fixed, in my case named “Internal-NAT switch”, and change from Internal to Private, and apply.

You may notice that the Hyper-V interface disappears from the laptop Interface list.  Select Internal again to change from Private, and click OK.  The Hyper-V interface reappears in the interface list.

Right-click on the WiFi interface (or whichever you wish to share networking with the VMs), and choose Properties.  On the Sharing tab, ensure the box is checked for “Allow other network users…” and click the drop-down list under “Home networking connection:”.  Change from “Select a private network connection” to choose the Hyper-V interface, and click OK.

Note that the previous step has not *always* worked for me, though it usually does.  A couple of times, I’ve had to either a.) un-check the check box and save before re-enabling sharing, or in rare cases, b.) go into Device Manager and remove the WiFi interface, reboot, and return to re-enable sharing.  Anyway, if all goes well and you’ve re-enabled sharing, your VM pings will start going through as the networking gets reconnected.

I’ve become quite used to doing this series of steps and have got it down to a quick few moments, but it always seems to catch me off-guard each time it happens.  I hope it helps you a bit!

Ransomware Is On The Rise – How to Defend Yourself

May 10th, 2016 | blog, Malware, Mobility, Ransomware, Security

The arms race between cybercriminals and security firms has reached a fever pitch. Today end users and businesses alike are faced with the growing threat of Ransomware. This is a type of malware that locks and encrypts devices and files preventing access unless a specific amount of money (Ransom) is paid. In 2015, the FBI received roughly 2,453 complaints related to Ransomware malware attacks, which amounted to $24.1 million in losses.

Ransomware relies on social engineering to spread through infected phishing emails, attachments, or malicious content running on infected websites. Once a machine has been compromised, the malware executes and encrypts all data files. This includes local files as well as network drive file storage. After the files are encrypted, they are unrecoverable unless a “ransom” is paid to the attacker. Outside of restoring from a backup the only way to restore the data is to pay the distributor of the malware. (Whoa!)

Initially, individual home users were targeted — but the focus of these attacks has shifted, and businesses are now their primary targets. The shift of the attacks has made these Ransomware companies very profitable, and as such the problem is growing rapidly. As the malware continues to evolve and become more sophisticated, the organizations have grown and now have full time employees dedicated to developing and improving the malware. They leverage some of the most sophisticated phishing and social engineering techniques seen to date. The threat posed by Ransomware is growing and should not be underestimated by our clients.

To mitigate your risk, the Internet Crime Complaint Center (IC3) division of the FBI recommends the following:

  1. Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
  2. Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
  3. Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
  4. Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.

IC3 additionally says if you believe you are a victim of ransomware to file a complaint with the FBI and suggests disconnecting from the internet to avoid any further data loss if you receive a message demanding payment.

Start a truly valuable conversation…

April 21st, 2016 | blog, Skype for Business

At the heart of great teams is great communication

Productivity today is centered on conversations – sometimes a quick instant message or call, and sometimes a meeting planned in advance including voice, video and content sharing.  At Coretek, we believe that the heart of productivity is great teamwork, and that the heart of great teamwork is great communication.

Office 365 is a world-class productivity service that helps great teams to accomplish great achievements.  At the heart of Office 365 Communications is the Skype for Business service connecting your teams with the experience they love, in the Office applications they use every day.  With Skype for Business you can simplify your infrastructure with one platform for calling, conferencing, video, and sharing.

Achieve more with a fully integrated communication solution

Coretek offers a fully integrated communications solution based on Office 365, our services, and certified hardware to ensure the best experience for your end-users.  We help our customers along all the steps of the productivity improvement journey, starting with deployment planning and roll-out, to making sure your teams are up to speed with the new solution and comfortable enough with the new ways of communication.  By leveraging our company’s offering, your teams will be able to communicate like never before using Office 365 and Skype for Business.

How do you accomplish this?

Skype across Devices

Connect with your team anywhere using our mobile apps across Windows, iOS and Android™, or bring remote participants into meeting spaces of all sizes with Skype for Business Room Systems.

Complete Meeting Solution

Work like you are all in one room, even when you are not.  From collaborative team sessions to large broadcasts or dialing into a conference using your phone, Skype for Business is designed for all your meeting needs.

Modern Voice with Cloud PBX

Make, receive, and transfer business calls in the office, at home, or on the road using phone, PC, and mobile.  Increase agility and consolidate management with voice services in Office 365.

Security, Control and Compliance

Get end-to-end security, control and compliance that span from the user to the enterprise.  All powered by the on-demand scale and manageability of Office 365.

Skype for Business voice

The bottom line is that Coretek’s integrated communications offering helps you take advantage of the following services and capabilities of Office 365 and Skype for Business:

  • Anywhere Access – ability to make and receive business calls in the office, at home, or on the road, using your business number on your smartphone, tablet, PC, or desk phone.
  • PSTN Conferencing – provides the flexibility to dial in to a meeting from a traditional phone, in addition to the existing ability to join a meeting with a single click on your PC or mobile device.
  • Skype Meeting Broadcast – makes it easier than ever to produce large virtual meetings for up to 10,000 meeting attendees, who can join from virtually any browser or device (see it in action). Now Skype for Business truly is a single platform for every type of meeting.
  • Cloud PBX – enables companies to eliminate separate PBX systems and transition to the cloud with Office 365 as the center of communications management.
  • PSTN Calling – ability to subscribe to Microsoft managed calling plans and phone numbers.
  • Skype Connectivity – Connect, communicate, and collaborate with colleagues, consumers, other businesses, and friends and family – anyone who uses Skype – with both voice and HD video.

Start a conversation with Coretek today and let us show you how you can bring truly valuable communication to your teams.
